Let's Encrypt is a pretty awesome service that offers auto-renewable, free SSL certificates, and unlike CACert, Mozilla has enough money to pay the inevitable bribes necessary to become a "trustworthy" default CA in major browsers. As such, it actually works with random clients off the internet and I can enable it without breaking too much. Android 2, Windows XP and Java clients won't work, but fuck those.